org.keycloak.authentication.actiontoken

Class DefaultActionToken

java.lang.Object

org.keycloak.representations.JsonWebToken

org.keycloak.authentication.actiontoken.DefaultActionTokenKey

org.keycloak.authentication.actiontoken.DefaultActionToken

All Implemented Interfaces:

Serializable, ActionTokenKeyModel, ActionTokenValueModel, Token

Direct Known Subclasses:

ExecuteActionsActionToken, IdpVerifyAccountLinkActionToken, ResetCredentialsActionToken, VerifyEmailActionToken

public class DefaultActionToken
extends DefaultActionTokenKey
implements ActionTokenValueModel

Part of action token that is intended to be used e.g. in link sent in password-reset email. The token encapsulates user, expected action and its time of expiry.

Author:

hmlnarik

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static TokenVerifier.Predicate<DefaultActionTokenKey>	ACTION_TOKEN_BASIC_CHECKS
static String	JSON_FIELD_AUTHENTICATION_SESSION_ID

Fields inherited from class org.keycloak.authentication.actiontoken.DefaultActionTokenKey

ACTION_TOKEN_USER_ID, JSON_FIELD_ACTION_VERIFICATION_NONCE

Fields inherited from class org.keycloak.representations.JsonWebToken

audience, exp, iat, id, issuedFor, issuer, nbf, otherClaims, subject, type

Constructor Summary

Constructors

Modifier	Constructor and Description
	DefaultActionToken() Single-use random value used for verification whether the relevant action is allowed.
protected	DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce)
protected	DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce, String compoundAuthenticationSessionId)

Method Summary

Modifier and Type	Method and Description
String	getCompoundAuthenticationSessionId()
String	getNote(String name) Returns value of the given note (or null when no note of this name is present)
Map<String,String>	getNotes() Returns unmodifiable map of all notes.
String	removeNote(String name) Removes given note, and returns original value (or null when no value was present)
String	serialize(KeycloakSession session, RealmModel realm, javax.ws.rs.core.UriInfo uri) Updates the following fields and serializes this token into a signed JWT.
void	setCompoundAuthenticationSessionId(String authenticationSessionId)
String	setNote(String name, String value) Sets value of the given note

Methods inherited from class org.keycloak.authentication.actiontoken.DefaultActionTokenKey

from, getActionId, getActionVerificationNonce, getUserId

Methods inherited from class org.keycloak.representations.JsonWebToken

addAudience, audience, exp, expiration, getAudience, getCategory, getExp, getExpiration, getIat, getId, getIssuedAt, getIssuedFor, getIssuer, getNbf, getNotBefore, getOtherClaims, getSubject, getType, hasAudience, iat, id, isActive, isActive, isExpired, isNotBefore, issuedAt, issuedFor, issuedNow, issuer, nbf, notBefore, setOtherClaims, setSubject, subject, type

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.models.ActionTokenKeyModel

getExpiration, serializeKey

Field Detail

JSON_FIELD_AUTHENTICATION_SESSION_ID

public static final String JSON_FIELD_AUTHENTICATION_SESSION_ID

See Also:

Constant Field Values

ACTION_TOKEN_BASIC_CHECKS

public static final TokenVerifier.Predicate<DefaultActionTokenKey> ACTION_TOKEN_BASIC_CHECKS

Constructor Detail

DefaultActionToken

public DefaultActionToken()

Single-use random value used for verification whether the relevant action is allowed.

DefaultActionToken

protected DefaultActionToken(String userId,
                             String actionId,
                             int absoluteExpirationInSecs,
                             UUID actionVerificationNonce)

Parameters:

userId - User ID

actionId - Action ID

absoluteExpirationInSecs - Absolute expiration time in seconds in timezone of Keycloak.

actionVerificationNonce -

DefaultActionToken

protected DefaultActionToken(String userId,
                             String actionId,
                             int absoluteExpirationInSecs,
                             UUID actionVerificationNonce,
                             String compoundAuthenticationSessionId)

Parameters:

userId - User ID

actionId - Action ID

absoluteExpirationInSecs - Absolute expiration time in seconds in timezone of Keycloak.

actionVerificationNonce -

Method Detail

getCompoundAuthenticationSessionId

public String getCompoundAuthenticationSessionId()

setCompoundAuthenticationSessionId

public final void setCompoundAuthenticationSessionId(String authenticationSessionId)

getNotes

public Map<String,String> getNotes()

Description copied from interface: ActionTokenValueModel

Returns unmodifiable map of all notes.

Specified by:

getNotes in interface ActionTokenValueModel

Returns:

see description. Returns empty map if no note is set, never returns null.

getNote

public String getNote(String name)

Description copied from interface: ActionTokenValueModel

Returns value of the given note (or null when no note of this name is present)

Specified by:

getNote in interface ActionTokenValueModel

Returns:

see description

setNote

public final String setNote(String name,
                            String value)

Sets value of the given note

Returns:

original value (or null when no value was present)

removeNote

public final String removeNote(String name)

Removes given note, and returns original value (or null when no value was present)

Returns:

see description

serialize

public String serialize(KeycloakSession session,
                        RealmModel realm,
                        javax.ws.rs.core.UriInfo uri)

Updates the following fields and serializes this token into a signed JWT. The list of updated fields follows:

• id: random nonce
• issuedAt: Current time
• issuer: URI of the given realm
• audience: URI of the given realm (same as issuer)

Parameters:

session -

realm -

uri -

Returns: